Merge pull request #9070 from rgacogne/boost-173

[thirdparty/pdns.git] / pdns / dnscrypt.hh

diff --git a/pdns/dnscrypt.hh b/pdns/dnscrypt.hh
index 86ddcd20159fdad28b485fd3b97bafa7dab323bc..a010ebdc5a7a99bf64aed7ec37b5f02ef0222dae 100644 (file)
--- a/pdns/dnscrypt.hh
+++ b/pdns/dnscrypt.hh
@@ -51,6 +51,7 @@ private:
 #include <sodium.h>
 
 #include "dnsname.hh"
+#include "lock.hh"
 
 #define DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE (crypto_sign_ed25519_PUBLICKEYBYTES)
 #define DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE (crypto_sign_ed25519_SECRETKEYBYTES)
@@ -254,16 +255,24 @@ public:
   static DNSCryptExchangeVersion getExchangeVersion(const unsigned char esVersion[sizeof(DNSCryptCert::esVersion)]);
   static DNSCryptExchangeVersion getExchangeVersion(const DNSCryptCert& cert);
 
-  DNSCryptContext(const std::string& pName, const std::string& certFile, const std::string& keyFile);
-  DNSCryptContext(const std::string& pName, const DNSCryptCert& certificate, const DNSCryptPrivateKey& pKey);
+  struct CertKeyPaths
+  {
+    std::string cert;
+    std::string key;
+  };
 
-  void reloadCertificate();
+  DNSCryptContext(const std::string& pName, const std::vector<CertKeyPaths>& certKeys);
+  DNSCryptContext(const std::string& pName, const DNSCryptCert& certificate, const DNSCryptPrivateKey& pKey);
+  ~DNSCryptContext();
+  
+  void reloadCertificates();
   void loadNewCertificate(const std::string& certFile, const std::string& keyFile, bool active=true, bool reload=false);
   void addNewCertificate(const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, bool active=true, bool reload=false);
+
   void markActive(uint32_t serial);
   void markInactive(uint32_t serial);
   void removeInactiveCertificate(uint32_t serial);
-  std::vector<std::shared_ptr<DNSCryptCertificatePair>> getCertificates() { return certs; };
+  std::vector<std::shared_ptr<DNSCryptCertificatePair>> getCertificates() { return d_certs; };
   const DNSName& getProviderName() const { return providerName; }
 
   int encryptQuery(char* query, uint16_t queryLen, uint16_t querySize, const unsigned char clientPublicKey[DNSCRYPT_PUBLIC_KEY_SIZE], const DNSCryptPrivateKey& clientPrivateKey, const unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2], bool tcp, uint16_t* encryptedResponseLen, const std::shared_ptr<DNSCryptCert>& cert) const;
@@ -273,12 +282,14 @@ public:
 private:
   static void computePublicKeyFromPrivate(const DNSCryptPrivateKey& privK, unsigned char pubK[DNSCRYPT_PUBLIC_KEY_SIZE]);
   static void loadCertFromFile(const std::string&filename, DNSCryptCert& dest);
+  static std::shared_ptr<DNSCryptCertificatePair> loadCertificatePair(const std::string& certFile, const std::string& keyFile);
+
+  void addNewCertificate(std::shared_ptr<DNSCryptCertificatePair>& newCert, bool reload=false);
 
-  pthread_rwlock_t d_lock;
-  std::vector<std::shared_ptr<DNSCryptCertificatePair>> certs;
+  ReadWriteLock d_lock;
+  std::vector<std::shared_ptr<DNSCryptCertificatePair>> d_certs;
+  std::vector<CertKeyPaths> d_certKeyPaths;
   DNSName providerName;
-  std::string certificatePath;
-  std::string keyPath;
 };
 
 bool generateDNSCryptCertificate(const std::string& providerPrivateKeyFile, uint32_t serial, time_t begin, time_t end, DNSCryptExchangeVersion version, DNSCryptCert& certOut, DNSCryptPrivateKey& keyOut);